
CGI has a very long history of security issues stemming primarily from input validation or the lack thereof.


Right, but anything relating to input validation can be avoided by using a well-designed library rather than implementing the protocol directly.


> CGI has a very long history of security issues stemming primarily from input validation or the lack thereof.

And a Go program reading from a network connection is immune from the same concerns how?


It's not, you have to use Rust :)


> It's not, you have to use Rust :)

If only I could borrow such confidence in network data... :-D


The language in use often has input validation libraries. The failure of the programmer to use them is not the fault of CGI. Further, proper administration of the machine can mitigate file injection, database injection, etc. Again, that people fail to do this isn’t the fault of CGI.


That's like saying forks and knives are vulnerable because you could stab someone with them.



